﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

public partial class home : System.Web.UI.Page
{
   
    bool isAdmin = false;

    protected void Page_Load(object sender, EventArgs e)
    {
        
    }
    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        Session.Clear();
        bool Authenticated = false;
        Authenticated = SiteSpecificAuthenticationMethod(Login1.UserName, Login1.Password);

        e.Authenticated = Authenticated;

        if (Authenticated)
        {
            Session.Timeout = 60;
            String url = Request.Params["returnUrl"];
            String role = Request.Params["role"];
            

            if (isAdmin)
            {
                if (!Util.IsBlank(url))
                {
                    if("admin".Equals(role)) this.Response.Redirect(url);
                }
                this.Response.Redirect("./common/admin_applicant_list.aspx");
            }
            else
            {
                if (!Util.IsBlank(url))
                {
                    if ("user".Equals(role)) this.Response.Redirect(url);
                }
                this.Response.Redirect("./common/after_login_home.aspx");
            }
        }
    }

    private bool SiteSpecificAuthenticationMethod(string UserName, string Password)
    {
        SqlConnection con = DBManager.getSqlConnection();
        con.Open();
        bool isAuth = false;
        if (UserName.StartsWith("100"))
        {
            this.isAdmin = false;
            string sql = "select C.custID, C.fName,C.lName,S.accountNo,C.custGender,C.custNRIC,C.custNationality,C.custDob,C.custTel,C.custMobile,C.custAddress,C.email,C.custOccupation,C.custPostal,C.custMarital" +

                                            " From CUSTOMER C INNER JOIN SAVING_ACCOUNT S ON C.custID = S.custID Where C.custID='" + UserName + "' and C.custPassword='" + Password + "'";
            SqlCommand cmd = new SqlCommand(sql, con);
            SqlDataReader dr = cmd.ExecuteReader();

            Session["userId"] = UserName;
           
            if (dr.Read())
            {
                Session["userName"] = dr.GetString(1) + dr.GetString(2);
                Session["userId"] = dr.GetString(0);
                Session["fName"] = dr.GetString(1);
                Session["lName"] = dr.GetString(2);
                Session["savingAccountNo"] = dr.GetString(3);
                Session["custGender"] = dr.GetString(4);
                Session["custNRIC"] = dr.GetString(5);
                Session["custNationality"] = dr.GetString(6);
                Session["custDob"] = dr.GetDateTime(7);
                Session["custTel"] = dr.GetString(8);
                Session["custMobile"] = dr.GetString(9);
                Session["custAddress"] = dr.GetString(10);
                Session["custEmail"] = dr.GetString(11);
                Session["custOccupation"] = dr.GetString(12);
                Session["custPostal"] = dr.GetString(13);
                Session["custMarital"] = dr.GetString(14);
               

               
                isAuth = true;
               
            }
            dr.Close();
        }
        else if (UserName.StartsWith("120"))
        {
            this.isAdmin = true;
            SqlCommand cmd = new SqlCommand("select staffID, staffFName, staffLName from STAFF where staffID='" + UserName + "' and staffPassword='" + Password + "'", con);
            SqlDataReader dr = cmd.ExecuteReader();

            if (dr.Read())
            {
                Session["userName"] = dr.GetString(1) + dr.GetString(2);
                Session["userId"] = dr.GetString(0);
                Session["staffFName"] = dr.GetString(1);
                Session["staffLName"] = dr.GetString(2);

                isAuth = true;
            }
            dr.Close();
        }

        con.Close();
        return isAuth;
    }

   /* private bool SiteSpecificAuthenticationMethod(string UserName, string Password)
    {

        string Id, password;

        Id = Convert.ToString(UserName);

        password = Convert.ToString(Password);


        SqlCommand cmd = new SqlCommand("select * from CUSTOMER where custID='" + Id + "' and custPassword='" + password + "'", con);

        SqlDataReader dr = cmd.ExecuteReader();

        if (dr.Read())
        {

            if (UserName.StartsWith("100"))
            {

                Session["userId"] = UserName;
                this.Response.Redirect("./common/admin_applicant_list.aspx");

            }
            else if (UserName.StartsWith("111"))
            {

                Session["userId"] = UserName;
                this.Response.Redirect("./common/after_login_home.aspx");
            }

            else
            {

                Response.Write("User Account Invalid");

            }


            // if no data found should return false;
            // if data are found => get all column values and set to the session
            // like: Session["userId"]=dr.read("custId");
            //       Session["userName"]=dr.read("name");


            //      isAdmin = false;
            //    return true;//can return true only when the record is in the selected table
            //    }
            //    else if (UserName.StartsWith("111"))
            //    {
            //
            // should from STAFF table not CUSTOMER table

            //  SqlCommand cmd = new SqlCommand("select * from CUSTOMER where custID='" + Login1.UserName + "' and custPassword='" + Login1.Password + "'", con);

            //  SqlDataReader dr = cmd.ExecuteReader();


            // if no data found should return false;
            // if data are found => get all column values and set to the session
            // like: Session["userId"]=dr.read("staffId");
            //       Session["userName"]=dr.read("name");


            isAdmin = true;
            return true;//can return true only when the record is in the selected table
        }

        return false;
    }*/
}